Lance submitted "Martin Rakhmanoff has discovered a new buffer overrun issue in the pwdencrypt hash function for sql server."

Unfortunately the link doesn't provide much information other than it is a confirmed bug in SQL Server 2000. You should take standard precautions to prevent buffer overflow hacks if you aren't already (the site has more links on this)